Merge branch 'feature/1922-media-proxy-whitelist' into 'develop'

Support for hosts with scheme in MediaProxy whitelist setting Closes #1922 See merge request pleroma/pleroma!2754
2020-07-14 18:07:44 +00:00 · 2020-07-14 18:07:44 +00:00 · 3f65f2ea79
commit 3f65f2ea79
parent 63798e89de b376442325
11 changed files with 282 additions and 199 deletions
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@ -108,31 +108,48 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
    |> :erlang.iolist_to_binary()
  end

+  defp build_csp_from_whitelist([], acc), do: acc
+
+  defp build_csp_from_whitelist([last], acc) do
+    [build_csp_param_from_whitelist(last) | acc]
+  end
+
+  defp build_csp_from_whitelist([head | tail], acc) do
+    build_csp_from_whitelist(tail, [[?\s, build_csp_param_from_whitelist(head)] | acc])
+  end
+
+  # TODO: use `build_csp_param/1` after removing support bare domains for media proxy whitelist
+  defp build_csp_param_from_whitelist("http" <> _ = url) do
+    build_csp_param(url)
+  end
+
+  defp build_csp_param_from_whitelist(url), do: url
+
  defp build_csp_multimedia_source_list do
    media_proxy_whitelist =
-      Enum.reduce(Config.get([:media_proxy, :whitelist]), [], fn host, acc ->
-        add_source(acc, host)
-      end)
-
-    media_proxy_base_url = build_csp_param(Config.get([:media_proxy, :base_url]))
-
-    upload_base_url = build_csp_param(Config.get([Pleroma.Upload, :base_url]))
-
-    s3_endpoint = build_csp_param(Config.get([Pleroma.Uploaders.S3, :public_endpoint]))
+      [:media_proxy, :whitelist]
+      |> Config.get()
+      |> build_csp_from_whitelist([])

    captcha_method = Config.get([Pleroma.Captcha, :method])
+    captcha_endpoint = Config.get([captcha_method, :endpoint])

-    captcha_endpoint = build_csp_param(Config.get([captcha_method, :endpoint]))
+    base_endpoints =
+      [
+        [:media_proxy, :base_url],
+        [Pleroma.Upload, :base_url],
+        [Pleroma.Uploaders.S3, :public_endpoint]
+      ]
+      |> Enum.map(&Config.get/1)

-    []
-    |> add_source(media_proxy_base_url)
-    |> add_source(upload_base_url)
-    |> add_source(s3_endpoint)
+    [captcha_endpoint | base_endpoints]
+    |> Enum.map(&build_csp_param/1)
+    |> Enum.reduce([], &add_source(&2, &1))
    |> add_source(media_proxy_whitelist)
-    |> add_source(captcha_endpoint)
  end

  defp add_source(iodata, nil), do: iodata
+  defp add_source(iodata, []), do: iodata
  defp add_source(iodata, source), do: [[?\s, source] | iodata]

  defp add_csp_param(csp_iodata, nil), do: csp_iodata